3 Answers
3

The Ars Technica story is about small businesses' non-compliance with PCI DSS by hosting payment card transactions on vulnerable platforms. It is not about well-prepared, IT-security-savvy small businesses being beaten by better hackers.

I believe this is a consequence of the small businesses not understanding the risks they are assuming. "Assuming" here means taking the risks upon themselves instead of mitigating or transferring them.

Credit card users can mitigate exposure to payment card fraud by using one-time-use online credit card numbers, i.e., if the card number and authenticating data for a transaction are captured by a malicious adversary, the data would not allow the adversary to make a second charge.

What are the potential hazards to a small business owner?

The only potential hazard I can think of is the ability to disguise repeated use of a single unauthorized account.

For a single business owner, this would require an adversary with an account capable of generating one-time-use credit card numbers targeting a single business with multiple transactions using different credit card numbers. I would assume the adversary would be able to make other associated information, like name or shipping address, appear unrelated. If this were the case, fraud detection would be difficult.

However, I suspect most savvy malicious adversaries would spread the spending across many merchants to prevent detection by the credit issuer.

I suggest looking for 2 types of pre-paid cards in your local area. First, check local CVS or Walgreens for the Vanilla Visa. The better card is at the mall, though, and it's called the Simon Gift Card.